Migrate TestCompileWithFakeSecureBootCore to compile_part_4_test.go and delete test_compile_part_4.py

MatteoPologruto · MatteoPologruto · commit 9575a4833f94 · 2022-10-14T15:43:39.000+02:00
diff --git a/internal/integrationtest/compile/compile_part_4_test.go b/internal/integrationtest/compile/compile_part_4_test.go
@@ -550,3 +550,91 @@ func TestCompileWithKnownPlatformNotInstalled(t *testing.T) {
 	// Verifies command to fix error is shown to user
 	require.Contains(t, string(stderr), "Try running `arduino-cli core install arduino:avr`")
 }
+
+func TestCompileWithFakeSecureBootCore(t *testing.T) {
+	env, cli := integrationtest.CreateArduinoCLIWithEnvironment(t)
+	defer env.CleanUp()
+
+	_, _, err := cli.Run("update")
+	require.NoError(t, err)
+
+	_, _, err = cli.Run("core", "install", "arduino:avr@1.8.3")
+	require.NoError(t, err)
+
+	sketchName := "SketchSimple"
+	sketchPath := cli.SketchbookDir().Join(sketchName)
+	fqbn := "arduino:avr:uno"
+
+	_, _, err = cli.Run("sketch", "new", sketchPath.String())
+	require.NoError(t, err)
+
+	// Verifies compilation works
+	_, _, err = cli.Run("compile", "--clean", "-b", fqbn, sketchPath.String())
+	require.NoError(t, err)
+
+	// Overrides default platform adding secure_boot support using platform.local.txt
+	avrPlatformPath := cli.DataDir().Join("packages", "arduino", "hardware", "avr", "1.8.3", "platform.local.txt")
+	testPlatformName := "platform_with_secure_boot"
+	wd, err := paths.Getwd()
+	require.NoError(t, err)
+	err = wd.Parent().Join("testdata", testPlatformName, "platform.local.txt").CopyTo(avrPlatformPath)
+	require.NoError(t, err)
+
+	// Overrides default board adding secure boot support using board.local.txt
+	avrBoardPath := cli.DataDir().Join("packages", "arduino", "hardware", "avr", "1.8.3", "boards.local.txt")
+	err = wd.Parent().Join("testdata", testPlatformName, "boards.local.txt").CopyTo(avrBoardPath)
+	require.NoError(t, err)
+
+	// Verifies compilation works with secure boot disabled
+	stdout, _, err := cli.Run("compile", "--clean", "-b", fqbn+":security=none", sketchPath.String(), "-v")
+	require.NoError(t, err)
+	require.Contains(t, string(stdout), "echo exit")
+
+	// Verifies compilation works with secure boot enabled
+	stdout, _, err = cli.Run("compile", "--clean", "-b", fqbn+":security=sien", sketchPath.String(), "-v")
+	require.NoError(t, err)
+	require.Contains(t, string(stdout), "Default_Keys/default-signing-key.pem")
+	require.Contains(t, string(stdout), "Default_Keys/default-encrypt-key.pem")
+
+	// Verifies compilation does not work with secure boot enabled and using only one flag
+	_, stderr, err := cli.Run(
+		"compile",
+		"--clean",
+		"-b",
+		fqbn+":security=sien",
+		sketchPath.String(),
+		"--keys-keychain",
+		cli.SketchbookDir().String(),
+		"-v",
+	)
+	require.Error(t, err)
+	require.Contains(t, string(stderr), "Flag --sign-key is mandatory when used in conjunction with flag --keys-keychain")
+
+	// Verifies compilation works with secure boot enabled and when overriding the sign key and encryption key used
+	keysDir := cli.SketchbookDir().Join("keys_dir")
+	err = keysDir.Mkdir()
+	require.NoError(t, err)
+	signKeyPath := keysDir.Join("my-sign-key.pem")
+	_, err = signKeyPath.Create()
+	require.NoError(t, err)
+	encryptKeyPath := cli.SketchbookDir().Join("my-encrypt-key.pem")
+	_, err = encryptKeyPath.Create()
+	require.NoError(t, err)
+	stdout, _, err = cli.Run(
+		"compile",
+		"--clean",
+		"-b",
+		fqbn+":security=sien",
+		sketchPath.String(),
+		"--keys-keychain",
+		keysDir.String(),
+		"--sign-key",
+		"my-sign-key.pem",
+		"--encrypt-key",
+		"my-encrypt-key.pem",
+		"-v",
+	)
+	require.NoError(t, err)
+	require.Contains(t, string(stdout), "my-sign-key.pem")
+	require.Contains(t, string(stdout), "my-encrypt-key.pem")
+}
diff --git a/internal/integrationtest/testdata/platform_with_secure_boot/boards.local.txt b/internal/integrationtest/testdata/platform_with_secure_boot/boards.local.txt
@@ -0,0 +1,11 @@
+menu.security=Security setting
+
+uno.menu.security.none=None
+uno.menu.security.sien=Signature + Encryption
+
+uno.menu.security.sien.build.postbuild.cmd="{tools.imgtool.cmd}" {tools.imgtool.flags}
+uno.menu.security.none.build.postbuild.cmd="{tools.imgtool.cmd}" exit
+
+uno.menu.security.sien.build.keys.keychain={runtime.hardware.path}/Default_Keys
+uno.menu.security.sien.build.keys.sign_key=default-signing-key.pem
+uno.menu.security.sien.build.keys.encrypt_key=default-encrypt-key.pem
diff --git a/internal/integrationtest/testdata/platform_with_secure_boot/platform.local.txt b/internal/integrationtest/testdata/platform_with_secure_boot/platform.local.txt
@@ -0,0 +1,8 @@
+## Create output secure image (bin file)
+recipe.hooks.objcopy.postobjcopy.1.pattern={build.postbuild.cmd}
+#
+# IMGTOOL
+#
+
+tools.imgtool.cmd=echo
+tools.imgtool.flags=sign --key "{build.keys.keychain}/{build.keys.sign_key}" --encrypt "{build.keys.keychain}/{build.keys.encrypt_key}" "{build.path}/{build.project_name}.bin" "{build.path}/{build.project_name}.bin" --align {build.alignment} --max-align {build.alignment} --version {build.version} --header-size {build.header_size} --pad-header --slot-size {build.slot_size}
diff --git a/test/test_compile_part_4.py b/test/test_compile_part_4.py
